Docket No. CISCO-3168 

Listing of the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Previously Presented) A method for authorizing a command from a user received at a
network device separate and distinct from an Authentication, Authorization, and Accounting 
(AAA) server, the method including: 

establishing a RADIUS session with the user; 

receiving a user profile for the user at the network device from a AAA server, the user 
profile containing information regarding which commands the user is authorized to execute, the 
information including a command set described by regular expressions; 

storing the user profile in a memory accessible by the network device; 

receiving the command from the user; 

determining whether the command is authorized based on the information in the user 
profile stored in the memory; and 

authorizing or rejecting the command in response to said determining. 

2. (Original) The method of claim 1, wherein the network device is a Network Access 
Server (NAS). 

3. (Original) The method of claim 1, further including purging said user profile from said 
memory when said RADIUS session is terminated. 

4. (Original) The method of claim 1, wherein said determining includes comparing said
command to a command set contained in said user profile and said authorizing includes 
authorizing the command if it is contained in said command set. 

5. (Original) The method of claim 4, wherein said command set is a list of previously 
authorized commands. 

6. (Original) The method of claim 4, wherein said command set is described by regular 
expressions. 

7. (Previously Presented) An apparatus for authorizing a command from a user received at a 
network device separate and distinct from an Authentication, Authorization, and Accounting 
(AAA) server, the apparatus including: 

a RADIUS session initiator; 

a user profile receiver coupled to said RADIUS session initiator and coupled to a AAA
server;

a memory; 

a user profile storer coupled to said user profile receiver and said memory;

a command receiver;

an authorized command determiner coupled to said command receiver and to said 
memory; and 

a command authorizer coupled to said authorized command determiner. 

8. (Original) The apparatus of claim 7, wherein the network device is a Network Access
Server (NAS). 

9. (Original) The apparatus of claim 7, further including a user profile purger coupled to 
said memory. 

10. (Original) The apparatus of claim 7, wherein said authorized command determiner 
includes a command set comparer coupled to said memory and wherein said memory includes a 
user profile having a command set. 

11. (Original) The apparatus of claim 10, wherein said command set is a list of previously
authorized commands. 

12. (Original) The apparatus of claim 10, wherein said command set is described by regular 
expressions. 

13. (Previously Presented) An apparatus for authorizing a command from a user received at a 
network device separate and distinct from an Authentication, Authorization, and Accounting 
(AAA) server, the method including: 

means for establishing a RADIUS session with the user; 

means for receiving a user profile for the user at the network device from a AAA server,
the user profile containing information regarding which commands the user is authorized to
execute, the information including a command set described by regular expressions;

means for storing the user profile in a memory accessible by the network device;

means for receiving the command from the user;

means for determining whether the command is authorized based on the information in 
the user profile stored in the memory; and 

means for authorizing or rejecting the command in response to said determining. 

14. (Original) The apparatus of claim 13, wherein the network device is a Network Access 
Server (NAS). 

15. (Original) The apparatus of claim 13, further including means for purging said user 
profile from said memory when said RADIUS session is terminated. 

16. (Original) The apparatus of claim 13, wherein said means for determining includes 
means for comparing said command to a command set contained in said user profile and said 
means for authorizing includes means for authorizing the command if it is contained in said 
command set. 

17. (Original) The apparatus of claim 16, wherein said command set is a list of authorized 
commands. 

18. (Original) The apparatus of claim 16, wherein said command set is described by regular 
expressions. 

19. (Previously Presented) A program storage device readable by a machine, tangibly
embodying a program of instructions executable by the machine to perform a method for
authorizing a command from a user received at a network device separate and distinct from an
Authentication, Authorization, and Accounting (AAA) server, the method including:

establishing a RADIUS session with the user;

receiving a user profile for the user at the network device from a AAA server, the user 
profile containing information regarding which commands the user is authorized to execute, the 
information including a command set described by regular expressions; 

storing the user profile in a memory accessible by the network device; 

receiving the command from the user; 

determining whether the command is authorized based on the information in the user 
profile stored in the memory; and 

authorizing or rejecting the command in response to said determining. 
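
An illustration of the method recited in claims 1 and 3, added here as an example and not part of the application or of any Cisco implementation: a device-side cache that stores the regular-expression command set received for a session, checks each command locally, and purges the profile when the session ends. The class, method names, session identifier and sample patterns are assumptions; how the profile is carried from the AAA server is not modelled.

```python
import re


class CommandAuthorizer:
    """Per-session cache of command sets held on the network device (hypothetical names)."""

    def __init__(self):
        self._profiles = {}  # session id -> list of compiled regular expressions

    def store_profile(self, session_id, patterns):
        # Compile once when the profile arrives, so a malformed pattern
        # fails at session start rather than on the first command.
        self._profiles[session_id] = [re.compile(p) for p in patterns]

    def is_authorized(self, session_id, command):
        compiled = self._profiles.get(session_id)
        if compiled is None:
            return False  # no cached profile for this session: default deny
        # Collapse whitespace (including embedded newlines) before matching.
        normalized = " ".join(command.split())
        # fullmatch: the whole command must match a pattern. A substring
        # match would authorize any command that merely contains an allowed one.
        return any(rx.fullmatch(normalized) for rx in compiled)

    def purge(self, session_id):
        # Session terminated: drop the cached profile.
        self._profiles.pop(session_id, None)


# Constructed sample command set, standing in for a profile from the AAA server.
SAMPLE_PATTERNS = [
    r"show ip (route|interface brief)",
    r"ping \d{1,3}(\.\d{1,3}){3}",
]


def demo():
    device = CommandAuthorizer()
    device.store_profile("sess-1", SAMPLE_PATTERNS)
    commands = [
        "show ip route",
        "show  ip   interface brief",
        "ping 10.0.0.1",
        "configure terminal",
        "show ip route extra-argument",
    ]
    results = {cmd: device.is_authorized("sess-1", cmd) for cmd in commands}
    device.purge("sess-1")
    results["after purge"] = device.is_authorized("sess-1", "show ip route")
    return results


if __name__ == "__main__":
    for command, allowed in demo().items():
        print(f"{command!r}: {'authorized' if allowed else 'rejected'}")
```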